Genuine or spoof?

supersleuth

supersleuth last edited by

I recently found this message in my mail inbox.
It looks like a spoof message to me.
It seems to come from Opera Security team at noreply@e.opera.com

Please advise if this is genuine or a hoax
.......................................

We're closing your Opera account unless you sign in
Dear Opera account owner,

We see that it has been a long time since you have signed in to your Opera account.

If you’d like to keep your account, please sign in before October 31st, 2016. Otherwise we’ll take this as a sign that you’d like us to delete your account.

We also wanted to let you know that on August 26th, 2016, we reset the password for all Opera accounts as a precautionary measure because we detected an attack on our servers. To sign in and regain access to your account, you will need to click “Forgot password” on the Opera account web page, and then follow instructions to create a new password. We take your data security very seriously and sincerely apologize for the inconvenience.

If you have already reset your password (after Aug 26th, 2016), you do not need to reset again.

Thank you for your cooperation,
The Opera sync team

donq

donq last edited by

26th august attack was real and Opera resetted many passwords too. Well, my letter from Opera was worded differently and no hints to account deletion were there; I had already changed my password (notices about attack were spreading here before mails were sent) either.

Anyway, you can visit your Opera account and change password - this doesn't hurt in any way. Sure you should always navigate into any system from browser itself, not by clicking any links in e-mails - basic security practice.

chrisnd

chrisnd last edited by

I got the same email - but hovering the mouse over the link gives the domain as opera.us7.list-manage.com - which suggests its an attempt at a spoof. Ie phishing.

If its genuine, then Opera should know better than to use a non-opera domain name for such an email!

HTH Chris

blackbird71

blackbird71 last edited by

The list-manage.com domain is owned by MailChimp, which was the origin site for the late-August password notifications I received regarding my Opera account. As @donq notes, one should never click eMail links - particularly for log-in purposes. However, upon close examination/analysis, the link in the notifications I received did route only to Opera's security blog, where the official security notification was posted. Opera probably 'farmed out' the distribution of the message to account holders for cost reasons, but I agree with @chrisnd that for something of this sort, using a non-Opera domain to originate the message was ill-advised in a world full of phishing and spoofs.

In any case, as @donq again notes, when something like this is received, one should always visit the log-in site using a typed-in URL address, an existing bookmark, or one copied from a known-good reference document - never using whatever appears in the eMail notice or clicking on it.

howardw

howardw last edited by

It took me three attempts to reset my password, because every time I tried to login with my user name I got a does not match error message and had to go through the reset procedure over and over again. I can now only sign in using my recovery email address which for some reason it accepts. Deeply annoyed. I should have just let them cancel my account and I would not have wasted 20 minutes of my life trying to sort out Opera's issues.

tserzhant

tserzhant last edited by

That was exactly what I received 2 days ago as well!..

''We're closing your Opera account unless you sign in' .. blah-blah-blah .. 'please sign in' .. or .. 'we’ll take this as a sign that you’d like us to delete your account' .. blah-blah-blah .. '

As was suggested in that email (that was, by the way, emailed-by 'mail71.atl111.rsgsv.net' in my case), I reset my password and signed in immediately, and what, You think, I have as a result - despite the fact, that my account was registered more than 4 years ago, the system is wrongly 'saying' now that it was only created just 2 days ago!..

Well, my dear Opera, You know, from around that moment(s), when You shut down Your good-old My Opera Link and My Opera Mail (and MyOpera in general) and after all of this presently, I'm disappointed in You and seems don't understand anymore, how even can I trust You (and in You)!.. Unfortunately...

Deleted User

Deleted User last edited by

I received this exact same email and wondered if it was genuine.
I clicked anyway.
Finally figured out how to reset password.
Received the link
Reset
Got the error message.
Opened a new tab
typed in www.opera.com in the address bar
Again chose "reset password"
Received the reset link email
clicked on that link
reset password again.
NOW it works.
However, the profile shows my username as "cutieasbasb"
I would NEVER, ever have chosen 'cutie' as part of my username and have no idea why I have this username.
Makes me wonder if I'm actually at the real opera website.
I think I'll just change my email, username and password just to be sure.

tserzhant

tserzhant last edited by

2 asbasb

think I'll just change my .. username

Guess what - You can't do that!.. I mean, the Opera doesn't allow us to change our usernames, as well as they don't accept capitalized letters in username(s) anymore...

arnold-s

arnold-s last edited by

This morning, 5 Oct 2016, I received the same message. In Firefox, when I hover over the last/bottom link, "Give it a try at www.opera.com", I see "http://opr.as/nnnnnnn". Soooooo, seems to me that this is NOT a genuine Opera message.

leocg

leocg Moderator Volunteer last edited by

opr.as is a Opera domain: http://whois.domaintools.com/opr.as

Domain:
opr.as

Domain Status:
Active

Registrant:
Opera Software ASA